package pl.net.bluesoft.rnd.processtool.plugins;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import pl.net.bluesoft.rnd.processtool.model.UserData;
import pl.net.bluesoft.rnd.processtool.roles.IUserRolesManager;
import pl.net.bluesoft.rnd.processtool.usersource.IPortalUserSource;
import pl.net.bluesoft.rnd.pt.utils.lang.Lang2;

/* loaded from: input_file:WEB-INF/classes/pl/net/bluesoft/rnd/processtool/plugins/PermissionFilter.class */
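/**
 * Servlet filter that gates requests behind portal authentication and a role check.
 *
 * <p>A request passes when its session already carries the {@link #AUTHORIZED} attribute, or when
 * the portal user source resolves a user from the request and that user holds at least one of
 * {@link #ROLE_NAMES}. Unauthenticated requests receive a 401 with a Basic challenge;
 * authenticated users without a required role receive a 403.
 *
 * <p>The collaborators are injected by Spring from the current web application context, because
 * the servlet container (not Spring) instantiates the filter.
 */
public class PermissionFilter implements Filter {
    /** Session attribute that stores the login of a user who has already passed this filter. */
    public static final String AUTHORIZED = "Aperte_Authorized";

    @Autowired
    private IUserRolesManager userRolesManager;

    @Autowired
    private IPortalUserSource portalUserSource;
    private static final Logger logger = Logger.getLogger(PermissionFilter.class.getName());

    /** Roles of which the user must hold at least one to be let through. */
    private static final Collection<String> ROLE_NAMES = Arrays.asList("ADMINISTRATOR", "MODELER_USER");

    public PermissionFilter() {
        SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this);
    }

    /**
     * Authenticates and authorizes the request before handing it to the rest of the chain.
     *
     * @param servletRequest incoming request; handled as an {@link HttpServletRequest}
     * @param servletResponse outgoing response; handled as an {@link HttpServletResponse}
     * @param filterChain remaining filters, invoked only for authorized requests
     * @throws IOException propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Injection in the constructor can run before the Spring context is available, so retry
        // here. Both collaborators are needed: one to authenticate, one to check roles.
        if (this.portalUserSource == null || this.userRolesManager == null) {
            SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this);
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) Lang2.assumeType(servletRequest, HttpServletRequest.class);
        HttpServletResponse httpServletResponse = (HttpServletResponse) Lang2.assumeType(servletResponse, HttpServletResponse.class);
        HttpSession session = httpServletRequest.getSession();

        // Fast path: this session was authorized by an earlier request.
        if (session.getAttribute(AUTHORIZED) != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        UserData userByRequest = this.portalUserSource.getUserByRequest(httpServletRequest);
        if (userByRequest == null) {
            // A null result is treated as failed authentication: challenge the client.
            logger.warning("Failed to authorize user");
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Aperte Modeler\"");
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        logger.info("Successfully authorized user: " + userByRequest.getLogin());

        // Authentication alone is not authorization: the user must hold one of ROLE_NAMES.
        // Without this check any authenticated portal user would be marked AUTHORIZED.
        if (!isRoleExistForUser(userByRequest)) {
            logger.warning("No matching role for user " + userByRequest.getLogin());
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // NOTE(review): the session id is not rotated when the session is promoted to
        // AUTHORIZED; consider rotating it here if the servlet API version in use allows it,
        // to limit session fixation.
        session.setAttribute(AUTHORIZED, userByRequest.getLogin());
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Reports whether the user is listed under at least one of {@link #ROLE_NAMES}.
     *
     * @param userData authenticated user to look up
     * @return {@code true} as soon as one role's user list contains {@code userData}
     */
    private boolean isRoleExistForUser(UserData userData) {
        for (String roleName : ROLE_NAMES) {
            if (this.userRolesManager.getUsersByRole(roleName).contains(userData)) {
                logger.info("Matched role " + roleName + " for user " + userData.getLogin());
                return true;
            }
        }
        return false;
    }

    /** No initialisation is required. */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** No resources to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }
}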
